From 1433d4337cdfa6422d75e83ef63b8f64fc95bf6b Mon Sep 17 00:00:00 2001 From: usa Date: Sat, 9 Sep 2017 14:06:50 +0000 Subject: asn1: fix out-of-bounds read in decoding constructed objects * OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the correct available length to ossl_asn1_decode() when decoding the inner components of a constructed object. This can cause out-of-bounds read if a crafted input given. Reference: https://hackerone.com/reports/170316 https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59800 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6f52c2d098..fb4ba3c204 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +Sat Sep 9 23:05:31 2017 Kazuki Yamaguchi + + asn1: fix out-of-bounds read in decoding constructed objects + + * OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of + out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the + correct available length to ossl_asn1_decode() when decoding the + inner components of a constructed object. This can cause + out-of-bounds read if a crafted input given. + + Reference: https://hackerone.com/reports/170316 + https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b + Sat Sep 9 22:57:24 2017 SHIBATA Hiroshi * ext/json: bump to version 1.8.3.1. [Backport #13853] -- cgit v1.2.3
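Review bot: The added ChangeLog bullet describes the defect in the present tense ("have a bug of out-of-bounds read") and never says what was changed, so the log reads as if OpenSSL::ASN1.{decode,decode_all,traverse} were still affected. Reword it to state the fix, for example that int_ossl_asn1_decode0_cons() now gives ossl_asn1_decode() the correct available length when it decodes the inner components of a constructed object. Unlike the neighbouring ext/json entry, this one has no "[Backport #...]" tag, so add the backport ticket reference if there is one. The view is limited to ChangeLog, so the code change and any regression test for the crafted-input case cannot be checked from these lines.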